17 May
2021
17 May
'21
11:57
On Sat, May 15, 2021 at 08:24:29PM +0200, Jogchum Reitsma wrote:
Hmm, up till an hour ago my only knowledge of apparmor was how it is pronounced, so I did some googling.
There is a file /etc/apparmor.d/ghostscript on my system.
aa-status mentions ghostscript is in enforce mode.
And /var/log/audit/audit.log contains the message
type=AVC msg=audit(1621101856.180:23935): apparmor="DENIED" operation="file_mmap" profile="ghostscript" name="/usr/local/lib64/libpcre2-8.so.0.8.0" pid=28013 comm="gs" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
Wouldn't it be nice/conventional to have a time-stamp to match the errant activity against? Daniel